Dear, I have some doubts.
I have two ISPs connected to the core switch, and in the core switch I connected a Bluecoat for proxy. And I have 8 VLANs.
The issue is that I need to block internet access without the proxy; if anyone wants to access the internet, it should go through the Bluecoat.
Things I have: VLAN 2 in Bluecoat.
VLAN 1 is the management VLAN.
The other VLANs are users, servers and guest.
And I have BVI interfaces in the router; I am using two BVI interfaces.
I have done a route map like this:
ip access-list extended NO_PROXY
 permit tcp any any eq www
 permit tcp any any eq 443
!
route-map LOCAL_ACCESS permit 10
 match ip address NO_PROXY
 ! next hop is the Bluecoat IP
 set ip next-hop 192.168.1.10
!
! assign on interface local
ip policy route-map LOCAL_ACCESS
Can you help to block internet traffic with proxy? It has to go through the proxy only.
Hello Mr ....,
If you really want to block traffic directed to a web or HTTPS server when the destination IP address != proxy IP address, you can simply use extended ACLs applied inbound on each L3 interface facing clients:
access-list 111 permit tcp any host proxy-ip eq 80
access-list 111 deny tcp any any eq 80
access-list 111 permit tcp any host proxy-ip eq 443
access-list 111 deny tcp any any eq 443
access-list 111 permit ip any any
interface Vlan X
 ip access-group 111 in
Do it on all client-facing L3 interfaces.
Hope to help
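An added example (not part of the reply above): a short Python model of first-match evaluation for ACL 111, run over constructed sample flows from a client VLAN. It assumes the Bluecoat address 192.168.1.10 from the question in place of proxy-ip; the destination 203.0.113.5 and the function names are illustrative.

```python
import ipaddress

# Assumption: the Bluecoat IP from the question stands in for "proxy-ip".
PROXY_IP = "192.168.1.10"

ACL_111 = """
access-list 111 permit tcp any host proxy-ip eq 80
access-list 111 deny tcp any any eq 80
access-list 111 permit tcp any host proxy-ip eq 443
access-list 111 deny tcp any any eq 443
access-list 111 permit ip any any
""".replace("proxy-ip", PROXY_IP)

def parse_acl(text):
    """Parse the subset of extended-ACL syntax used above (source is always 'any')."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()[2:]                 # drop "access-list 111"
        action, proto, rest = tok[0], tok[1], tok[3:]   # tok[2] is the source "any"
        if rest[0] == "host":
            dst, rest = rest[1], rest[2:]
        else:                                  # destination "any"
            dst, rest = None, rest[1:]
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append({"action": action, "proto": proto, "dst": dst, "port": port})
    return rules

def evaluate(rules, proto, dst, port):
    """Return the action of the first matching entry; implicit deny at the end."""
    for r in rules:
        if r["proto"] not in ("ip", proto):
            continue
        if r["dst"] is not None and ipaddress.ip_address(r["dst"]) != ipaddress.ip_address(dst):
            continue
        if r["port"] is not None and r["port"] != port:
            continue
        return r["action"]
    return "deny"

RULES = parse_acl(ACL_111)

# Constructed sample flows: (protocol, destination address, destination port)
FLOWS = [("tcp", PROXY_IP, 80), ("tcp", "203.0.113.5", 80), ("tcp", "203.0.113.5", 443),
         ("udp", "203.0.113.5", 443), ("tcp", "203.0.113.5", 8080)]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", evaluate(RULES, *flow))
```

In this model, UDP 443 and TCP ports other than 80 and 443 fall through to the final permit ip any any, so the ACL restricts only TCP 80 and 443.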